Performing those steps with the CA chain from Thawte didn't make a difference in this particular issue. The Root CA was already installed on the service, connector, and data vm's. I did install the intermediate CA as well.
Out of curiosity, could the wizardssl.hzn script be modified to install our Thawte certificate instead of a self-signed one? I'm not linux guru, but it seems that it's calling up a secondary script at /usr/local/horizon/scripts/installSslCert.hzn. Could the mismatch between the fact that currently the self signed cert is installed (since I've not been able to get past this step to 2h) on the vm's but the third part cert is installed on the load balancer have anything to do with this?
Edit: I redeployed from the .ova today, and I also pointed the DNS entry myurl.company.com to the gateway-va's IP address. After running the wizardssl.hzn script, I was able to continue past step 2a using the internal database, but I received the same error using the external database that I originally did when I had issues using the internal database. I then completed configuration, and noticed that when myurl.company.com is pointed to the gateway, it's still using the self-signed cert, so that further makes me believe that I need to find a way to install the trusted cert on the gateway. I could be wrong, though.
Message was edited by: freythman